security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ff9cd8d20ffa6f653fa56ccd6c6b655c88506e0
blue-team-tools/rules/windows/powershell/powershell_script
T
History
Fukusuke Takahashi 8ff9cd8d20 Merge PR #4958 from @fukusuket - Update unreachable/broken references 
chore: Credential Dumping Tools Accessing LSASS Memory
chore: Potential MFA Bypass Using Legacy Client Authentication
chore: Possible DC Shadow Attack
chore: Potential Privileged System Service Operation - SeLoadDriverPrivilege
chore: Remote Thread Creation In Uncommon Target Image
chore: RDP File Creation From Suspicious Application
chore: Suspicious PROCEXP152.sys File Created In TMP
chore: Outbound Network Connection Initiated By Microsoft Dialer
chore: NTFS Alternate Data Stream
chore: PowerShell Get-Process LSASS in ScriptBlock
chore: Windows Firewall Profile Disabled
chore: Potentially Suspicious GrantedAccess Flags On LSASS
chore: HackTool - PCHunter Execution
chore: Mstsc.EXE Execution With Local RDP File
chore: Suspicious Mstsc.EXE Execution With Local RDP File
chore: Mstsc.EXE Execution From Uncommon Parent
chore: PowerShell Get-Process LSASS
chore: LSASS Access From Program In Potentially Suspicious Folder
chore: Uncommon GrantedAccess Flags On LSASS 

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Thanks: @fukusuket
2024-08-10 01:23:58 +02:00
..
posh_ps_aadinternals_cmdlets_execution.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_access_to_browser_login_data.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_active_directory_module_dll_import.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_add_dnsclient_rule.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_add_windows_capability.yml
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
posh_ps_adrecon_execution.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_amsi_bypass_pattern_nov22.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_amsi_null_bits_bypass.yml
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
posh_ps_apt_silence_eda.yml
feat: new rules, updates and fp fixes (#4162)
2023-04-11 13:04:22 +02:00
posh_ps_as_rep_roasting.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_audio_exfiltration.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_automated_collection.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_capture_screenshots.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_clear_powershell_history.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_clearing_windows_console_history.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_cmdlet_scheduled_task.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_computer_discovery_get_adcomputer.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_copy_item_system_directory.yml
Merge PR #4684 from @phantinuss - Multiple FP fixes & rule updates
2024-01-23 12:15:04 +01:00
posh_ps_cor_profiler.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_create_local_user.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_create_volume_shadow_copy.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_detect_vm_env.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_directorysearcher.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_directoryservices_accountmanagement.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_disable_psreadline_command_history.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_disable_windows_optional_feature.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_dotnet_assembly_from_file.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_download_com_cradles.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_dsinternals_cmdlets.yml
Merge PR #4888 from @nasbench - Add multiple new rules, updates and fixes
2024-07-17 11:04:05 +02:00
posh_ps_dump_password_windows_credential_manager.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_enable_psremoting.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_enable_susp_windows_optional_feature.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_enumerate_password_windows_credential_manager.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_etw_trace_evasion.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_exchange_mailbox_smpt_forwarding_rule.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_export_certificate.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_frombase64string_archive.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_get_acl_service.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_get_adcomputer.yml
Merge PR #4867 from @nasbench - Promote older rules status from experimental to test
2024-06-03 10:29:22 +02:00
posh_ps_get_adgroup.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_get_adreplaccount.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_get_childitem_bookmarks.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_get_process_security_software_discovery.yml
Merge PR #4498 from @Tuutaans - Update PowerShell Security Software Discovery Rule
2023-10-28 12:41:41 +02:00
posh_ps_hktl_rubeus.yml
Merge PR #4745 from @nasbench - Promote older rules status from experimental to test
2024-03-01 15:38:35 +01:00
posh_ps_hktl_winpwn.yml
Merge PR #4529 from @swachchhanda000 - Add New Rules Related To WinPwn Execution
2023-12-04 14:24:19 +01:00
posh_ps_hotfix_enum.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_icmp_exfiltration.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_import_module_susp_dirs.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_install_unsigned_appx_packages.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_invoke_command_remote.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_invoke_dnsexfiltration.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_invoke_obfuscation_clip.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_invoke_obfuscation_obfuscated_iex.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_invoke_obfuscation_stdin.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_invoke_obfuscation_var.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_invoke_obfuscation_via_compress.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_invoke_obfuscation_via_rundll.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_invoke_obfuscation_via_stdin.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_invoke_obfuscation_via_use_clip.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_invoke_obfuscation_via_use_mhsta.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_invoke_obfuscation_via_use_rundll32.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_invoke_obfuscation_via_var.yml
Merge PR #4803 from @frack113 - Update regex based rules
2024-04-15 16:37:15 +02:00
posh_ps_keylogging.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_localuser.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_mailboxexport_share.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_malicious_commandlets.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_malicious_keywords.yml
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
2023-10-28 13:15:09 +02:00
posh_ps_memorydump_getstoragediagnosticinfo.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_modify_group_policy_settings.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_msxml_com.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_nishang_malicious_commandlets.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_ntfs_ads_access.yml
Merge PR #4958 from @fukusuket - Update unreachable/broken references
2024-08-10 01:23:58 +02:00
posh_ps_office_comobject_registerxll.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_packet_capture.yml
Merge PR #4852 from @frack113 - Add Potential Packet Capture Activity Via Start-NetEventSession - ScriptBlock
2024-05-13 13:18:39 +02:00
posh_ps_potential_invoke_mimikatz.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_powerview_malicious_commandlets.yml
Merge PR #4577 from @nasbench - Multiple Fixes & Updates
2023-12-21 21:04:18 +01:00
posh_ps_prompt_credentials.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
posh_ps_psasyncshell.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_psattack.yml
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
posh_ps_remote_session_creation.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_remotefxvgpudisablement_abuse.yml
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
posh_ps_request_kerberos_ticket.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_resolve_list_of_ip_from_file.yml
Merge PR #4745 from @nasbench - Promote older rules status from experimental to test
2024-03-01 15:38:35 +01:00
posh_ps_root_certificate_installed.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_run_from_mount_diskimage.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_script_with_upload_capabilities.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_send_mailmessage.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_sensitive_file_discovery.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_set_acl_susp_location.yml
Merge PR #4867 from @nasbench - Promote older rules status from experimental to test
2024-06-03 10:29:22 +02:00
posh_ps_set_acl.yml
Merge PR #4867 from @nasbench - Promote older rules status from experimental to test
2024-06-03 10:29:22 +02:00
posh_ps_set_policies_to_unsecure_level.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_shellcode_b64.yml
Merge PR #4693 from @qasimqlf - Update selection to remove overlap
2024-01-26 12:19:13 +01:00
posh_ps_shellintel_malicious_commandlets.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_software_discovery.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_store_file_in_alternate_data_stream.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_ace_tampering.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_susp_ad_group_reco.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_alias_obfscuation.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_susp_clear_eventlog.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_directory_enum.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_download.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_susp_execute_batch_script.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_extracting.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_follina_execution.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_get_addefaultdomainpasswordpolicy.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_get_current_user.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_get_gpo.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_get_process.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_getprocess_lsass.yml
Merge PR #4958 from @fukusuket - Update unreachable/broken references
2024-08-10 01:23:58 +02:00
posh_ps_susp_gettypefromclsid.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_hyper_v_condlet.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_invocation_generic.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_susp_invocation_specific.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_susp_invoke_webrequest_useragent.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_susp_iofilestream.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_keylogger_activity.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_susp_keywords.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_susp_local_group_reco.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_mail_acces.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_mount_diskimage.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_mounted_share_deletion.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_networkcredential.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_new_psdrive.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_proxy_scripts.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_recon_export.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_remove_adgroupmember.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_service_dacl_modification_set_service.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_set_alias.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_susp_smb_share_reco.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_ssl_keyword.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_start_process.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_unblock_file.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_susp_wallpaper.yml
change status to test
2023-01-27 06:48:34 +01:00
posh_ps_susp_win32_pnpentity.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_win32_shadowcopy_deletion.yml
Merge PR #4859 from @vburov - Update casing of Win32_ShadowCopy for multiple rules
2024-05-27 14:33:46 +02:00
posh_ps_susp_win32_shadowcopy.yml
Merge PR #4859 from @vburov - Update casing of Win32_ShadowCopy for multiple rules
2024-05-27 14:33:46 +02:00
posh_ps_susp_windowstyle.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_susp_write_eventlog.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_susp_zip_compress.yml
Merge PR #4631 from @nasbench - add rules related to CISA aa23-347a advisory and other updates
2023-12-18 16:46:46 +01:00
posh_ps_syncappvpublishingserver_exe.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_tamper_windows_defender_rem_mp.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_tamper_windows_defender_set_mp.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_test_netconnection.yml
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
posh_ps_timestomp.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_token_obfuscation.yml
Merge PR #4700 from @nasbench - Promote older rules status from experimental to test
2024-02-01 02:09:31 +01:00
posh_ps_user_discovery_get_aduser.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_user_profile_tampering.yml
fix: apply suggestions from code review
2023-05-09 16:04:24 +02:00
posh_ps_using_set_service_to_hide_services.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_veeam_credential_dumping_script.yml
Merge PR #4745 from @nasbench - Promote older rules status from experimental to test
2024-03-01 15:38:35 +01:00
posh_ps_web_request_cmd_and_cmdlets.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00
posh_ps_win32_nteventlogfile_usage.yml
Merge PR #4867 from @nasbench - Promote older rules status from experimental to test
2024-06-03 10:29:22 +02:00
posh_ps_win32_product_install_msi.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_win_api_susp_access.yml
Merge PR #4841 from @nasbench - Promote older rules status from experimental to test
2024-05-02 10:34:25 +02:00
posh_ps_win_defender_exclusions_added.yml
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00
posh_ps_windows_firewall_profile_disabled.yml
Merge PR #4958 from @fukusuket - Update unreachable/broken references
2024-08-10 01:23:58 +02:00
posh_ps_winlogon_helper_dll.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_wmi_persistence.yml
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18 11:53:44 +02:00
posh_ps_wmi_unquoted_service_search.yml
Merge PR #4479 From @frack113 - Upgrade Rules Status
2023-10-17 14:35:26 +02:00
posh_ps_wmimplant.yml
feat: updates and enhancements
2023-01-04 17:49:32 +01:00
posh_ps_x509enrollment.yml
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
posh_ps_xml_iex.yml
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
2023-12-01 12:50:36 +01:00